Today, Chairman Tom Wheeler of the Federal Communications Commission (FCC) circulated a Notice of Proposed Rulemaking (NPRM) that would apply privacy requirements under the Communications Act to internet service providers (ISP). The full FCC Commission will debate and vote on the draft proposal on March 31.

Under the Chairman’s proposal, ISPs would be permitted to use and share customer data for marketing purposes, unless the customer opts-out. ISPs would also be permitted to use consumer data to provide broadband services without additional customer consent, but would be required to obtain affirmative ‘opt-in’ consent from the customer prior to using or sharing customer data for all other purposes.

The proposal also specifies data breach notification requirements, including the requirement to notify customers within 10 days of a data breach discovery.

The announcement marks the first regulatory action taken by the Commission to regulate ISP privacy practices following the adoption of net neutrality rules in February 2015 that reclassified broadband as a telecommunication service under Title II of the Telecommunications Act. Prior to reclassification, ISPs were regulated under the Federal Trade Commission’s privacy regime, which will continue to govern the privacy practices of all other online services and outlets. If adopted by the Commission following the March 31 vote, the proposal would be made open for public comment.